Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3d6b1a-6d61-44b8-8cbb-23608f6ae2ea/1/OAV1sWnsG8BFifgf6exarhuEBqA.roa
File:                     OAV1sWnsG8BFifgf6exarhuEBqA.roa (raw, json)
Hash identifier:          rDorLrnaIpu4ofVsgdY3h/LFnwZ1HNp6y8PC3rUnoGs=
Subject key identifier:   38:05:75:B1:69:EC:1B:C0:45:89:F8:1F:E9:EC:5A:AE:1B:84:06:A0
Certificate issuer:       /CN=921c4fda367c5383b15c2a7143ad4b10c955cea0
Certificate serial:       03BBD592
Authority key identifier: 92:1C:4F:DA:36:7C:53:83:B1:5C:2A:71:43:AD:4B:10:C9:55:CE:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/khxP2jZ8U4OxXCpxQ61LEMlVzqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3d6b1a-6d61-44b8-8cbb-23608f6ae2ea/1/OAV1sWnsG8BFifgf6exarhuEBqA.roa
Signing time:             Sat 01 Jan 2022 04:03:56 +0000
ROA not before:           Sat 01 Jan 2022 04:03:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     202680
IP address blocks:        185.152.104.0/22 maxlen: 22
                          2a07:8180::/29 maxlen: 29

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 62641554 (0x3bbd592)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=921c4fda367c5383b15c2a7143ad4b10c955cea0
        Validity
            Not Before: Jan  1 04:03:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=380575b169ec1bc04589f81fe9ec5aae1b8406a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8e:ed:17:8b:fd:52:18:85:2b:f7:97:4b:e6:
                    5e:f8:a5:74:a2:98:49:cd:99:48:7d:24:cd:cf:7b:
                    2d:fb:74:df:0f:7f:25:e2:87:65:dd:8c:df:3e:5f:
                    70:9f:b6:03:2a:7a:f1:5c:2a:e2:3e:73:0f:d8:56:
                    a9:8c:51:9b:e4:d0:c6:86:90:4c:65:a1:a1:56:cc:
                    28:ca:55:91:cc:ed:9a:b9:a5:df:5f:27:d7:34:21:
                    09:85:98:b6:9d:66:f1:44:2a:23:54:6c:51:39:c7:
                    3d:71:96:a8:4a:20:7d:a1:1b:18:32:73:f5:d3:90:
                    9e:72:cf:b0:ad:04:61:0b:e0:70:e5:c3:b0:a5:8a:
                    61:6a:a9:75:34:8b:cd:dc:3d:9b:0e:d4:6b:1a:2c:
                    a4:56:fd:4d:86:9e:05:62:93:a1:a0:57:45:63:8b:
                    47:a1:74:2b:aa:c5:33:0f:12:81:5a:24:9c:51:cb:
                    1d:6c:5c:25:02:b2:fe:a5:9c:e5:8e:a8:83:f7:94:
                    3e:c7:99:1c:97:b9:c1:10:49:3e:d2:34:6f:91:da:
                    97:13:d8:45:6b:54:41:05:5a:a1:5e:69:11:0d:39:
                    54:ba:79:f2:9a:77:fa:c5:30:b4:64:29:7d:1f:a9:
                    f1:54:8c:3b:97:a4:1b:6c:2f:69:62:1e:97:6d:e7:
                    e1:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:05:75:B1:69:EC:1B:C0:45:89:F8:1F:E9:EC:5A:AE:1B:84:06:A0
            X509v3 Authority Key Identifier:
                keyid:92:1C:4F:DA:36:7C:53:83:B1:5C:2A:71:43:AD:4B:10:C9:55:CE:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/khxP2jZ8U4OxXCpxQ61LEMlVzqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3d6b1a-6d61-44b8-8cbb-23608f6ae2ea/1/OAV1sWnsG8BFifgf6exarhuEBqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3d6b1a-6d61-44b8-8cbb-23608f6ae2ea/1/khxP2jZ8U4OxXCpxQ61LEMlVzqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.152.104.0/22
                IPv6:
                  2a07:8180::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:06:64:20:44:17:b0:88:4b:8f:ce:b7:57:93:06:3b:73:1e:
         bb:6a:50:45:29:b4:f7:89:f0:e1:07:4b:95:60:b6:a0:51:29:
         16:43:2d:4e:7c:dd:c0:7c:9b:0e:99:6e:fd:70:1b:23:05:dd:
         fa:5c:43:60:f3:43:90:f6:50:1e:23:62:27:3c:b5:47:d1:1c:
         e8:bf:36:5f:4b:b7:47:45:20:c8:6f:03:4f:f8:e7:af:bd:bc:
         a8:c6:21:87:83:b0:af:22:2d:76:cd:68:42:37:d8:4a:66:ef:
         66:31:76:cc:9f:38:81:08:a0:a8:c8:57:ec:d5:d3:54:a8:1f:
         7a:92:37:c1:49:09:4c:c3:18:4a:ab:b5:ce:48:a3:9d:99:90:
         e4:6a:c6:f3:42:f9:4a:4a:c8:ed:00:1c:61:2d:f3:5b:7e:77:
         ab:0a:46:a9:dc:39:2d:f9:2a:a0:2e:b7:09:78:04:cd:69:48:
         6f:0d:a5:08:8d:b8:38:f9:4c:71:36:76:54:30:9b:b7:dd:94:
         68:76:1f:b2:ed:20:07:a4:51:17:3e:1b:f6:21:5b:9c:81:63:
         73:2e:ca:d4:de:cb:2b:5d:3f:76:b5:3d:a1:84:9e:22:59:1c:
         89:4a:c9:81:8c:99:bf:b2:89:6a:1a:06:ef:09:fd:4a:9f:cd:
         80:9d:3b:73
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEA7vVkjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
MjFjNGZkYTM2N2M1MzgzYjE1YzJhNzE0M2FkNGIxMGM5NTVjZWEwMB4XDTIyMDEw
MTA0MDM1NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzgwNTc1YjE2OWVj
MWJjMDQ1ODlmODFmZTllYzVhYWUxYjg0MDZhMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALOO7ReL/VIYhSv3l0vmXvildKKYSc2ZSH0kzc97Lft03w9/
JeKHZd2M3z5fcJ+2Ayp68Vwq4j5zD9hWqYxRm+TQxoaQTGWhoVbMKMpVkcztmrml
318n1zQhCYWYtp1m8UQqI1RsUTnHPXGWqEogfaEbGDJz9dOQnnLPsK0EYQvgcOXD
sKWKYWqpdTSLzdw9mw7UaxospFb9TYaeBWKToaBXRWOLR6F0K6rFMw8SgVoknFHL
HWxcJQKy/qWc5Y6og/eUPseZHJe5wRBJPtI0b5HalxPYRWtUQQVaoV5pEQ05VLp5
8pp3+sUwtGQpfR+p8VSMO5ekG2wvaWIel23n4TECAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBQ4BXWxaewbwEWJ+B/p7FquG4QGoDAfBgNVHSMEGDAWgBSSHE/aNnxTg7Fc
KnFDrUsQyVXOoDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2toeFAyalo4VTRPeFhDcHhRNjFMRU1sVnpxQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTkvM2Q2YjFhLTZkNjEtNDRiOC04Y2JiLTIzNjA4ZjZhZTJlYS8x
L09BVjFzV25zRzhCRmlmZ2Y2ZXhhcmh1RUJxQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTkv
M2Q2YjFhLTZkNjEtNDRiOC04Y2JiLTIzNjA4ZjZhZTJlYS8xL2toeFAyalo4VTRP
eFhDcHhRNjFMRU1sVnpxQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEArmYaDANBAIAAjAHAwUDKgeBgDAN
BgkqhkiG9w0BAQsFAAOCAQEAIAZkIEQXsIhLj863V5MGO3Meu2pQRSm094nw4QdL
lWC2oFEpFkMtTnzdwHybDplu/XAbIwXd+lxDYPNDkPZQHiNiJzy1R9Ec6L82X0u3
R0UgyG8DT/jnr728qMYhh4OwryItds1oQjfYSmbvZjF2zJ84gQigqMhX7NXTVKgf
epI3wUkJTMMYSqu1zkijnZmQ5GrG80L5SkrI7QAcYS3zW353qwpGqdw5LfkqoC63
CXgEzWlIbw2lCI24OPlMcTZ2VDCbt92UaHYfsu0gB6RRFz4b9iFbnIFjcy7K1N7L
K10/drU9oYSeIlkciUrJgYyZv7KJahoG7wn9Sp/NgJ07cw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:01 2024 by rpki-client on console-fra.rpki-client.org